Security

Budget airline easyJet was aware of the data breach, which revealed personal information of nine million customers and the credit card information of over 2,200 customers, in January.

News of the cyber attack broke yesterday, revealing that the attacker or attackers had access to the data of customers who booked flights from 17 October 2019 to 4 March 2020. In a statement, the airline said: “We’re sorry that this has happened, and we would like to reassure customers that we take the safety and security of their information very seriously.

Analysis of the source code for the UK contact tracing app has revealed no fewer than seven security flaws.

One of these is that the random code assigned to users is only changed once a day, making it much easier to de-anonymize individuals …

A vulnerability in the secure messaging app Signal could let a bad actor track a user’s location, according to findings from cybersecurity firm Tenable.

Researcher David Wells found that he could track a user’s movements just by calling their Signal number — whether or not the user had his contact information. This could be a big problem for victims of stalking, or for activists and journalists who are trying to avoid government or law enforcement detection to leak information or act in a whistleblower capacity.

As millions of people around the United States scrambled in recent weeks to collect unemployment benefits and disbursements through the federal Cares Act, officials warned about the looming threat of Covid-19-related scams online. Now they're here.

A security bug that gave malicious hackers the ability to access the cameras of Macs, iPhones, and iPads has fetched a $75,000 bounty to the researcher who discovered it.

In posts published here and here, researcher Ryan Pickren said he discovered seven vulnerabilities in Safari and its Webkit browser engine that, when chained together, allowed malicious websites to turn on the cameras of Macs, iPhones, and iPads. Pickren privately reported the bugs, and Apple has since fixed the vulnerabilities and paid the researcher $75,000 as part of the company’s bug bounty program.

Microsoft and Intel have recently collaborated on a new research project that explored a new approach to detecting and classifying malware.

Called STAMINA (STAtic Malware-as-Image Network Analysis), the project relies on a new technique that converts malware samples into grayscale images and then scans the image for textural and structural patterns specific to malware samples.

SECURITY PARANOIACS HAVE warned for years that any laptop left alone with a hacker for more than a few minutes should be considered compromised. Now one Dutch researcher has demonstrated how that sort of physical access hacking can be pulled off in an ultra-common component: The Intel Thunderbolt port found in millions of PCs.

Remember those nice North Korean hackers who destroyed Sony Pictures' computers, spread the WannaCry ransomware worm around the world and stole $100 million from the central bank of Bangladesh? Well, they're back, and they're attacking Macs.

Malwarebytes researchers said today (May 6) that the Lazarus Group, also known as Hidden Cobra, has repurposed the Linux variant of the Dacls remote-access Trojan (RAT) to work on Macs. RATs sneak onto a machine and give a remote attacker partial or full control.

Open source software has the potential to be very secure. Unlike proprietary code that can only be accessed directly by its own developers, anyone can vet open source projects to spot flaws and bugs. In practice, though, being open source is no panacea. Now, code repository GitHub is rolling out new tools for its GitHub Advanced Security suite that will make it easier to root out vulnerabilities in the open source projects managed on its platform.

Cybersecurity researcher Mordechai Guri from Israel's Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come with modern computing devices.

Dubbed 'POWER-SUPPLaY,' the latest research builds on a series of techniques leveraging electromagnetic, acoustic, thermal, optical covert channels, and even power cables to exfiltrate data from non-networked computers.